from the obligated-to-hold-onto-everything-just-in-case-government-wants-to-see-it dept

The "do something" resulting from the Enron scandal was Sarbanes-Oxley. To date, the law has done very little to curb corporate fraud -- its intended target. But it has become a handy tool for prosecutors looking to stack charges against defendants far removed from the financial world.

We've discussed this at length before. One of the stipulations of Sarbanes-Oxley is the preservation of evidence. Failing to do so, or purposefully destroying records, can result in felony criminal charges. This, unfortunately, doesn't even have to be willful destruction. The law forbids the destruction of evidence, regardless of personal knowledge of ongoing investigations, or even if no investigation has even commenced.

In a hypothetical posed recently (containing a real-world example), finding yourself in possession of child pornography poses a serious dilemma. Possession is a crime, but so is destruction of evidence. Sarbanes-Oxley demands the preservation of evidence in "foreseeable" investigations, and child porn possession is one of those crimes no law enforcement agency ignores.

This aspect of Sarbanes-Oxley is being used again, this time in relation to the Boston Marathon bombing. A cab driver who was friends with the Tsarnaev brothers is now facing multiple charges, including lying to investigators about his relationship with the Tsarnaevs, as well as destruction of records under Sarbanes-Oxley, the latter of which carries a 20-year prison sentence of its own.

Khairullozhon Matanov is a 24-year-old former cab driver from Quincy, Massachusetts. The night of the Boston Marathon bombings, he ate dinner with Tamerlan and Dhzokhar Tsarnaev at a kebob restaurant in Somerville. Four days later Matanov saw photographs of his friends listed as suspects in the bombings on the CNN and FBI websites. Later that day he went to the local police. He told them that he knew the Tsarnaev brothers and that they'd had dinner together that week, but he lied about whose idea it was to have dinner, lied about when exactly he had looked at the Tsarnaevs' photos on the Internet, lied about whether Tamerlan lived with his wife and daughter, and lied about when he and Tamerlan had last prayed together. Matanov likely lied to distance himself from the brothers or to cover up his own jihadist sympathies—or maybe he was just confused.

Then Matanov went home and cleared his Internet browser history.

The last sentence is a criminal act, despite being something millions of people do every day. Some even utilize built-in options in their browsers that dump history and/or clear the cache upon exit. And yet, the law states that this is illegal, should a person ever end up under investigation for anything. That's how broadly the law is written.

It was used to bring additional charges against David Kernell, who hacked into Sarah Palin's email account. The actual hacking resulted in misdemeanor charges. The cleanup processes deployed by Kernell (clearing browser cache, running a disk defragmenter, deleting downloaded photos) were treated as felony obstruction of justice under Sarbanes-Oxley. When these actions occurred, Kernell wasn't under investigation. At best, it could only be assumed that an investigation would result once the hacking attempt was discovered.

Some may feel this interpretation of the law is perfectly acceptable. People who engage in questionable and/or illegal activity shouldn't be allowed to "cover up" their actions in this fashion. But this defense of Sarbanes-Oxley's abused data retention stipulations suggests something very unpleasant about the government's view of who serves who.

Hanni Fakhoury, a senior staff attorney at the Electronic Frontier Foundation, says the feds' broad interpretation of Sarbanes-Oxley in the digital age is part of a wider trend: federal agents' feeling "entitled" to digital data.

Under this law -- and given the prevailing law enforcement/prosecutorial mindset -- US citizens are almost expected to hold onto everything, just in case. The government feels it has the right to dig into your hard drive, browser history, etc. at whatever point it opens an investigation. And if you've "destroyed" any data prior to the examination of your electronic devices, you could face felony charges for performing simple computer maintenance.

As more and more data are stored online, the government wants and believes it deserves access to that data for policing purposes. But Fakhoury disagrees.

"The idea that you have to create a record of where you've gone or open all your cupboards all the time and leave your front door unlocked and available for law enforcement inspection at any time is not the country we have established for ourselves more than 200 years ago."

This law has been on the books for thirteen years now. It hasn't managed to rein in corporate malfeasance, but it's proving to be having a negative effect on citizens who've never scammed a shareholder in their lives.

from the this-is-not-efficient dept

After the dot com bubble burst, quickly followed by major accounting scandals such as Enron, Congress, in the way that it normally does, overreacted with a kneejerk response. The most obvious part of this was the Sarbanes-Oxley rules, which didn't do much (if anything) to actually prevent future frauds, but did make the cost of being a public company much, much, much higher -- effectively creating a serious tax on startups looking to go public. It also built up an entire industry around SOX compliance, that almost guarantees the law can never be repealed. In response, an already weak IPO market went almost entirely dormant, an even as things picked up with startups, fewer and fewer actually wanted to go public. It was just too costly, and the potential liability for execs was way too high. Google resisted going public for as long as it possibly could, before it finally tripped an old SEC rule, that required companies with more than 500 shareholders and over $10 million in assets to effectively act as a public company -- at which point, it figured it might as well just go public.

That was in 2004. In the six years since then, a number of other companies have worked on a number of loopholes and ways to avoid going public even longer. Witness Goldman Sach's recent deal to invest a ton of its investors' money into Facebook shares -- which normally would have tripped this rule -- except that Goldman is playing a little game, and setting it up so that it pretends there's only one shareholder, keeping Facebook away from the magic 500 number. The SEC is apparently already looking into this.

But even before the Goldman/Facebook deal became public, the SEC had apparently begun probing the rise of these new efforts to let hot startups sell shares on a market, without actually going public. Hot startups including Facebook, Twitter, Zynga and LinkedIn have all been heavily involved in such markets, which basically let employees of those companies get many of the benefits of being a public company, without the massive costs and regulatory oversight.

This is, in many ways, the exact opposite of what was intended with things like SOX -- which was designed to increase oversight. But, instead, it's done the opposite. The end result is that wealthy clients of Goldman Sachs and other Wall Street firms can invest in these companies, but others cannot. Now, some might claim that this is a "good" thing, in that the general public shouldn't be investing in highly risky stocks that could easily collapse. But, it's also creating a tiered system where these companies are able to avoid going public for much longer, but the wealthy and well-connected can get in at about the same point that the public used to be able to get in. And, they are buying. Goldman has already announced that it's already oversubscribed.

While some are cheering on the SEC investigation of these practices, it seems to be missing the real lesson here: which is that money always seeks out the unregulated loopholes, and the more you regulate, the more hurdles you put up to efficient markets, the more money will pour into whatever side pools that are left unregulated. And that's dangerous. The economic collapse of 2008 was a result of this, as tons of money went into unregulated areas of the market and was sliced and diced in increasingly misleading ways. The classic response is to just regulate those areas -- but that ignores the fact that there will always be new loopholes and new unregulated areas that money will rush into. We're seeing it all the time.

What's happening with Goldman, Facebook and those other startups can be traced back to SOX in the first place. If we didn't make it ridiculously burdensom to be public, then firms wouldn't seek out these hidden alternatives. But our government refuses to let the market ever learn lessons. The lessons from the dot com bubble and Enron and such should have been that people learned to be more careful in their investments. But the government rushes in and sets up a pretend safety net -- so we never get to learn.

from the this-doesn't-seem-like-a-big-deal... dept

I'm no fan at all of Sarbanes-Oxley, the overly draconian corporate governance law that was passed in the wake of the Enron scandal. Obviously, given the financial messes that we're going through today, it did little to stop financial shenanigans. The reality is that the law did lots of superficial (but extremely expensive) things to basically have someone to pin the blame on, should anything go wrong -- but did little to actually prevent fraud. I'm all for good corporate governance, and efforts to root out fraud -- but Sarbanes-Oxley did no such thing. And, worse, it had pretty massive unintended consequences, such as adding millions to the cost (in pure economic waste) of going public, making it a lot trickier for startups to go public, even if they were completely ready under every other condition. Sure, we had too many IPOs during the dot com boom, but Sarbanes-Oxley made the barrier to going public much greater than it ever should be.

So, I was happy to see headlines suggesting that the Supreme Court is reviewing the law and could possibly throw it out. However, the details are a lot more mundane. Basically, some lawyers are challenging a very narrow part of the law, questioning whether or not it violates the "appointments clause" of the Constitution, which requires that certain officials be appointed by the President or a Cabinet member. So, in this case, officials to a board overseeing Sarbanes-Oxley were appointed by the SEC, rather than a cabinet level representative.

This is nothing to get worked up about.

You may recall, challenging various laws or appointments under this clause has suddenly become popular. We covered a very similar challenge to appointments to the Patent Appeals Board, as well as a similar claim about appointments to the Copyright Royalty Board (and it also came up as an issue during the debate over the TARP program. Of course, with the Patent Appeals Board, all it took was for Congress to make a quick fix to the law, making it so that the law required the Cabinet level member to make the appointment with the "help" of the lower level director who did the original appointments. In other words, nothing really changed other than who signed the appointments.

The only potential "difference" here is that if the Supreme Court sides with those saying this rule is unconstitutional, the entire Sarbanes-Oxley would need to be put back to a vote with any changes, and the thought is that this could open up the law to be fixed. Of course, that may be wishful thinking, as it would also open up the law to be made much, much worse -- and given the populist attacks on corporate governance and corporate malfeasance these days, it seems quite likely that what comes out would be much, much worse in terms of impact... but any oversight board would be appointed at the cabinet level.

from the about-frickin-time dept

It's been over six years since we began banging the drum around here to get Congress to repeal Sarbanes-Oxley, the law that was hastily written post-Enron to try to prevent such collapses again, but instead simply added a huge compliance tax, without doing much of anything to actually prevent corporate fraud. Corporate fraud is still rampant, and the law did absolutely nothing to prevent the financial collapse we see ourselves in today. There were, instead, massive unintended consequences, leading companies to go public elsewhere, go private or avoid the public markets altogether. The lack of IPOs, especially in the tech space over the past few years, even as the economy was looking strong, is incredibly telling.

So, it's good to see a renewed effort to get Congress to repeal Sarbanes-Oxley, which simply created a massive tax in terms of compliance, with awful unintended (though, totally predictable) consequences -- all while doing almost nothing to cut down on actual fraud.

I am a strong believer in the idea that fraud should be punished heavily -- but Sarbanes-Oxley didn't do that. It just moved the loopholes and punished the honest companies by dumping a huge compliance tax on them. It's been bad for the economy, bad for startups and bad for innovation, and it's time to go.

from the might-we-suggest-the-Amex? dept

As evidence that Sarbanes-Oxley has made it too burdensome for small companies to go public, many have pointed to the rise of London's Alternative Investment Market (AIM), where several American companies have chosen to list. This market is basically a haven for shakier companies that can't list on more established exchanges. A new academic paper suggests that AIM itself represents a model of financial market regulation that warrants exploration. The basic idea is that if you have a system like Sarbanes-Oxley in place, you could also have a market that is exempt from the regulation. Smaller, shakier companies would flock to this market, but investors would know to be wary about investments in these firms. Such a market might resemble the NASD-owned OTC BB market, which trades penny stocks, except that even that market is currently subject to SOX. You can see this concept in place to some extent in the private stock exchanges being established by Wall Street banks, which offer companies a place to list without being subject to regulation. But these are off limits to most investors, and for smaller companies, listing on them doesn't make much sense. One possible objection is that if a SOX-less market were to exist, companies of all sorts would try to list on it, but they'd be imperiling their reputation by doing so. Most likely, the majority of companies would opt to remain on established, reputable exchanges. Seeing as the SEC is actively looking for ways to reform Sarbanes-Oxley, it might be worthwhile to explore the possibility of allowing for the establishment of such an exchange.